diff --git a/src/main/java/com/cx/restclient/CxSASTClient.java b/src/main/java/com/cx/restclient/CxSASTClient.java
index 67758c99..f9d256a0 100644
--- a/src/main/java/com/cx/restclient/CxSASTClient.java
+++ b/src/main/java/com/cx/restclient/CxSASTClient.java
@@ -712,7 +712,6 @@ private CxID createRemoteSourceRequest(long projectId, String apiVersion,HttpEnt
 private SASTStatisticsResponse getScanStatistics(long scanId) throws IOException {
 String apiVersion = getContentTypeAndApiVersion(config, SAST_SCAN_RESULTS_STATISTICS);
- System.out.println("Using API version for SAST scan statistics: " + apiVersion);
 return httpClient.getRequest(SAST_SCAN_RESULTS_STATISTICS.replace(SCAN_ID_PATH_PARAM, Long.toString(scanId)), apiVersion, SASTStatisticsResponse.class, 200, "SAST scan statistics", false);
 }
diff --git a/src/main/java/com/cx/restclient/common/summary/SummaryUtils.java b/src/main/java/com/cx/restclient/common/summary/SummaryUtils.java
index 88dc7c5f..9bb90871 100644
--- a/src/main/java/com/cx/restclient/common/summary/SummaryUtils.java
+++ b/src/main/java/com/cx/restclient/common/summary/SummaryUtils.java
@@ -69,6 +69,14 @@ else if(config.isOsaEnabled())
 //calculate sast bars:
 float maxCount = Math.max(sastResults.getHigh(), Math.max(sastResults.getMedium(), sastResults.getLow()));
 float sastBarNorm = maxCount * 10f / 9f;
+
+ //sast critical bars
+ float sastCriticalTotalHeight = (float) sastResults.getCritical() / sastBarNorm * 238f;
+ float sastCriticalNewHeight = calculateNewBarHeight(sastResults.getNewCritical(), sastResults.getCritical(), sastCriticalTotalHeight);
+ float sastCriticalRecurrentHeight = sastCriticalTotalHeight - sastCriticalNewHeight;
+ templateData.put("sastCriticalTotalHeight", sastCriticalTotalHeight);
+ templateData.put("sastCriticalNewHeight", sastCriticalNewHeight);
+ templateData.put("sastCriticalRecurrentHeight", sastCriticalRecurrentHeight);
 //sast high bars
 float sastHighTotalHeight = (float) sastResults.getHigh() / sastBarNorm * 238f;
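Review bot: The critical bar moved into this hunk is scaled against `sastBarNorm`, which is still derived from `Math.max(sastResults.getHigh(), Math.max(sastResults.getMedium(), sastResults.getLow()))` and so ignores the critical count; whenever critical exceeds the largest of high/medium/low, `sastCriticalTotalHeight` comes out above the 238f full-bar height and the bar overflows the chart. Fold critical into the normalisation: `float maxCount = Math.max(sastResults.getCritical(), Math.max(sastResults.getHigh(), Math.max(sastResults.getMedium(), sastResults.getLow())));`. Separately, when every count is zero `sastBarNorm` is 0f and each `/ sastBarNorm` yields NaN, which then lands in `templateData` (pre-existing and shared with the high/medium/low bars; a `if (sastBarNorm == 0f) sastBarNorm = 1f;` guard after its assignment would cover it unless a caller already guarantees a non-zero count). The enclosing method begins before this hunk.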
@@ -94,13 +102,6 @@ else if(config.isOsaEnabled())
 templateData.put("sastLowNewHeight", sastLowNewHeight);
 templateData.put("sastLowRecurrentHeight", sastLowRecurrentHeight);
- //sast critical bars
- float sastCriticalTotalHeight = (float) sastResults.getCritical() / sastBarNorm * 238f;
- float sastCriticalNewHeight = calculateNewBarHeight(sastResults.getNewCritical(), sastResults.getCritical(), sastCriticalTotalHeight);
- float sastCriticalRecurrentHeight = sastCriticalTotalHeight - sastCriticalNewHeight;
- templateData.put("sastCriticalTotalHeight", sastCriticalTotalHeight);
- templateData.put("sastCriticalNewHeight", sastCriticalNewHeight);
- templateData.put("sastCriticalRecurrentHeight", sastCriticalRecurrentHeight);
 } else {
 buildFailed = true;
 }
diff --git a/src/main/java/com/cx/restclient/configuration/CxScanConfig.java b/src/main/java/com/cx/restclient/configuration/CxScanConfig.java
index 6a34bdc5..07c58646 100644
--- a/src/main/java/com/cx/restclient/configuration/CxScanConfig.java
+++ b/src/main/java/com/cx/restclient/configuration/CxScanConfig.java
@@ -65,10 +65,10 @@ public void setShowCriticalLabel(boolean showCriticalLabel) {
 private Boolean isIncremental = false;
 private Boolean isSynchronous = false;
 private Boolean sastThresholdsEnabled = false;
+ private Integer sastCriticalThreshold;
 private Integer sastHighThreshold;
 private Integer sastMediumThreshold;
 private Integer sastLowThreshold;
- private Integer sastCriticalThreshold;
 private Boolean sastNewResultsThresholdEnabled = false;
 private String sastNewResultsThresholdSeverity;
 private TokenLoginResponse token;
@@ -506,6 +506,14 @@ public Boolean getSastThresholdsEnabled() {
 public void setSastThresholdsEnabled(Boolean sastThresholdsEnabled) {
 this.sastThresholdsEnabled = sastThresholdsEnabled;
 }
+
+ public Integer getSastCriticalThreshold() {
+ return sastCriticalThreshold;
+ }
+
+ public void setSastCriticalThreshold(Integer sastCriticalThreshold) {
+ this.sastCriticalThreshold = sastCriticalThreshold;
+ }
 public Integer getSastHighThreshold() {
 return sastHighThreshold;
@@ -530,14 +538,6 @@ public Integer getSastLowThreshold() {
 public void setSastLowThreshold(Integer sastLowThreshold) {
 this.sastLowThreshold = sastLowThreshold;
 }
-
- public Integer getSastCriticalThreshold() {
- return sastCriticalThreshold;
- }
-
- public void setSastCriticalThreshold(Integer sastCriticalThreshold) {
- this.sastCriticalThreshold = sastCriticalThreshold;
- }
 public String getSastNewResultsThresholdSeverity() {
 return sastNewResultsThresholdSeverity;
@@ -664,7 +664,9 @@ public String getOsaDependenciesJson() {
 }
 public boolean isSASTThresholdEffectivelyEnabled() {
- return isSastEnabled() && getSastThresholdsEnabled() && (getSastHighThreshold() != null || getSastMediumThreshold() != null || getSastLowThreshold() != null || getSastCriticalThreshold() != null);
+
+ return isSastEnabled() && getSastThresholdsEnabled() && (getSastCriticalThreshold() != null || getSastHighThreshold() != null || getSastMediumThreshold() != null || getSastLowThreshold() != null );
+
 }
 public boolean isOSAThresholdEffectivelyEnabled() {
diff --git a/src/main/java/com/cx/restclient/dto/scansummary/ScanSummary.java b/src/main/java/com/cx/restclient/dto/scansummary/ScanSummary.java
index 23f15228..c1a67fc5 100644
--- a/src/main/java/com/cx/restclient/dto/scansummary/ScanSummary.java
+++ b/src/main/java/com/cx/restclient/dto/scansummary/ScanSummary.java
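Review bot: In `isSASTThresholdEffectivelyEnabled()` the rewritten `return` is now padded with an empty line above and below inside a one-statement body and carries a stray space before the closing parenthesis (`!= null );`); the reordering of the four null checks is fine, but the whitespace reads as an accident rather than a style choice. Keep it to the single line `return isSastEnabled() && getSastThresholdsEnabled() && (getSastCriticalThreshold() != null || getSastHighThreshold() != null || getSastMediumThreshold() != null || getSastLowThreshold() != null);`. Note that `getSastThresholdsEnabled()` returns a `Boolean` that is unboxed in the `&&` chain, so a caller passing `null` to `setSastThresholdsEnabled` would make this throw (pre-existing; `Boolean.TRUE.equals(getSastThresholdsEnabled())` would make it null-safe if that is a reachable state).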
@@ -90,6 +90,7 @@ private void addSastThresholdErrors(CxScanConfig config, SASTResults sastResults
 if (config.isSASTThresholdEffectivelyEnabled() && sastResults != null && sastResults.isSastResultsReady()) {
+ checkForThresholdError(sastResults.getCritical(), config.getSastCriticalThreshold(), ErrorSource.SAST, Severity.CRITICAL);
 checkForThresholdError(sastResults.getHigh(), config.getSastHighThreshold(), ErrorSource.SAST, Severity.HIGH);
 checkForThresholdError(sastResults.getMedium(), config.getSastMediumThreshold(), ErrorSource.SAST, Severity.MEDIUM);
 checkForThresholdError(sastResults.getLow(), config.getSastLowThreshold(), ErrorSource.SAST, Severity.LOW);
@@ -157,9 +158,16 @@ private void addNewResultThresholdErrors(CxScanConfig config, SASTResults sastRe
 }
 severity = "HIGH";
 }
+
+ if ("HIGH".equals(severity)) {
+ if (sastResults.getNewHigh() > 0) {
+ newResultThresholdErrors.add(Severity.HIGH);
+ }
+ severity = "CRITICAL";
+ }
- if ("HIGH".equals(severity) && sastResults.getNewHigh() > 0) {
- newResultThresholdErrors.add(Severity.HIGH);
+ if ("CRITICAL".equals(severity) && sastResults.getNewCritical() > 0) {
+ newResultThresholdErrors.add(Severity.CRITICAL);
 }
 }
 }
diff --git a/src/main/java/com/cx/restclient/sast/dto/SASTResults.java b/src/main/java/com/cx/restclient/sast/dto/SASTResults.java
index af7b04a6..15fb76e4 100644
--- a/src/main/java/com/cx/restclient/sast/dto/SASTResults.java
+++ b/src/main/java/com/cx/restclient/sast/dto/SASTResults.java
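Review bot: The new `if ("HIGH".equals(severity))` block in `addNewResultThresholdErrors` extends a ladder in which `severity` is re-labelled to the next level after each check, so a configured threshold of HIGH now also fails on new CRITICAL findings and LOW/MEDIUM cascade all the way up; nothing in the code says so, and a reader meeting the bare string reassignments could mistake them for a bug. Add a comment above the first rung (which starts before this hunk), e.g. `// The configured severity is a floor: each branch re-labels severity to the next level up so every level at or above the threshold is checked.` Because the rungs are `equals` on string literals, a value the ladder does not recognise (null, or a different casing) silently adds nothing — worth stating in the same comment, or validating in the setter, though whether the value is normalised elsewhere is not visible here. The enclosing method begins before the hunk.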
@@ -48,15 +48,15 @@ public class SASTResults extends Results implements Serializable {
 private static final String DEFAULT_AUTH_API_PATH = "CxRestApi/auth/" + AUTHENTICATION;
 private boolean sastResultsReady = false;
 private int high = 0;
+ private int critical = 0;
 private int medium = 0;
 private int low = 0;
- private int critical = 0;
 private int information = 0;
-
+
+ private int newCritical = 0;
 private int newHigh = 0;
 private int newMedium = 0;
 private int newLow = 0;
- private int newCritical = 0;
 private int newInfo = 0;
 private String sastScanLink;
@@ -98,7 +98,8 @@ public void setSastLanguage(String sastLanguage) {
 private List sastPolicies = new ArrayList<>();
 public enum Severity {
- High, Medium, Low, CRITICAL, Information;
+ Critical, CRITICAL, High, Medium, Low, Information;
+
 }
@@ -122,6 +123,10 @@ public void setScanDetailedReport(CxXMLResults reportObj,CxScanConfig config) th
 } else if ("New".equals(result.getStatus())) {
 Severity sev = Severity.valueOf(result.getSeverity());
 switch (sev) {
+ case CRITICAL:
+ case Critical:
+ newCritical++;
+ break;
 case High:
 newHigh++;
 break;
@@ -131,9 +136,6 @@ public void setScanDetailedReport(CxXMLResults reportObj,CxScanConfig config) th
 case Low:
 newLow++;
 break;
- case CRITICAL:
- newCritical++;
- break;
 case Information:
 newInfo++;
 break;
@@ -155,6 +157,7 @@ private void setLanguageEquivalent(String sastLanguage) {
 languageMap = new HashMap();
 SupportedLanguage lang = SupportedLanguage.valueOf(languageTag);
+ languageMap.put("Critical", lang.getCritical());
 languageMap.put("High", lang.getHigh());
 languageMap.put("Medium", lang.getMedium());
 languageMap.put("Low", lang.getLow());
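Review bot: `Severity` now carries two constants, `Critical` and `CRITICAL`, for one level, and the `switch` in `setScanDetailedReport` has to list both; the hunk gives no hint why, presumably because `Severity.valueOf(result.getSeverity())` is applied to the raw XML severity and reports differ in casing (which versions emit which spelling is not visible here). Put that on the enum so the next maintainer does not "fix" the duplicate away, e.g. `// Both spellings are kept: valueOf() is applied to the raw XML severity and reports differ in casing; treat them as the same level.` `valueOf` still throws `IllegalArgumentException` for any other spelling, which aborts the whole report parse rather than skipping one result (pre-existing). The empty line added before the enum's closing brace is leftover whitespace.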
@@ -172,6 +175,7 @@ public String encodeXSS(String injection) {
 }
 public void setResults(long scanId, SASTStatisticsResponse statisticsResults, String url, long projectId) {
 setScanId(scanId);
+ setCritical(statisticsResults.getCriticalSeverity());
 setHigh(statisticsResults.getHighSeverity());
 setMedium(statisticsResults.getMediumSeverity());
 setLow(statisticsResults.getLowSeverity());
@@ -192,6 +196,14 @@ public long getScanId() {
 public void setScanId(long scanId) {
 this.scanId = scanId;
 }
+
+ public int getCritical() {
+ return critical;
+ }
+
+ public void setCritical(int critical) {
+ this.critical = critical;
+ }
 public int getHigh() {
 return high;
@@ -216,14 +228,6 @@ public int getLow() {
 public void setLow(int low) {
 this.low = low;
 }
-
- public int getCritical() {
- return critical;
- }
-
- public void setCritical(int critical) {
- this.critical = critical;
- }
 public int getInformation() {
 return information;
@@ -232,6 +236,14 @@ public int getInformation() {
 public void setInformation(int information) {
 this.information = information;
 }
+
+ public int getNewCritical() {
+ return newCritical;
+ }
+
+ public void setNewCritical(int newCritical) {
+ this.newCritical = newCritical;
+ }
 public int getNewHigh() {
 return newHigh;
@@ -256,14 +268,6 @@ public int getNewLow() {
 public void setNewLow(int newLow) {
 this.newLow = newLow;
 }
-
- public int getNewCritical() {
- return newCritical;
- }
-
- public void setNewCritical(int newCritical) {
- this.newCritical = newCritical;
- }
 public int getNewInfo() {
 return newInfo;
@@ -394,7 +398,7 @@ public void setPDFReport(byte[] PDFReport) {
 }
 public boolean hasNewResults() {
- return newHigh + newMedium + newLow + newCritical > 0;
+ return newCritical + newHigh + newMedium + newLow > 0;
 }
 private void setScanStartEndDates(String scanStart, String scanTime, String lang) {
diff --git a/src/main/java/com/cx/restclient/sast/dto/SupportedLanguage.java b/src/main/java/com/cx/restclient/sast/dto/SupportedLanguage.java
index 3c3d0c94..26d95d16 100644
--- a/src/main/java/com/cx/restclient/sast/dto/SupportedLanguage.java
+++ b/src/main/java/com/cx/restclient/sast/dto/SupportedLanguage.java
@@ -4,15 +4,15 @@
 public enum SupportedLanguage {
- ENUS(new Locale("en-US"),"High","Medium","Low","CRITICAL","Information", "EEEE, MMMM dd, yyyy hh:mm:ss a"),
- JAJP(new Locale("ja-JP"),"高","中","低","危うい","情報","yyyy年M月d日 H:mm:ss"),
- FRFR(new Locale("fr-FR"),"Haute","Moyenne","Basse","critique","Informations","EEEE dd MMMM yyyy HH:mm:ss"),
- PTBR(new Locale("pt-BR"),"Alto","Médio","Baixo","crítico","Em formação", "EEEE, d 'de' MMMM 'de' yyyy HH:mm:ss"),
- ESES(new Locale("es-ES"),"Altas","Medias","Bajas","Crítico","Información","EEEE, d 'de' MMMM 'de' yyyy HH:mm:ss"),
- KOKR(new Locale("ko-KR"),"높음","중간","낮음","비판적인","정보", "yyyy년 M월 d일 EEEE a h:mm:ss"),
- ZHCN(new Locale("zh-CN"),"高危","中危","低危","危急","信息", "yyyy年M月d日 HH:mm:ss"),
- ZHTW(new Locale("zh-TW"),"高","中","低","危急","信息", "yyyy年M月d日 a hh:mm:ss"),
- RURU(new Locale("ru-RU"),"Высокое","Среднее","Низкое","критический","Информация","d MMMM yyyy 'г'. H:mm:ss");
+ ENUS(new Locale("en-US"),"Critical","High","Medium","Low","Information", "EEEE, MMMM dd, yyyy hh:mm:ss a"),
+ JAJP(new Locale("ja-JP"),"危うい","高","中","低","情報","yyyy年M月d日 H:mm:ss"),
+ FRFR(new Locale("fr-FR"),"critique","Haute","Moyenne","Basse","Informations","EEEE dd MMMM yyyy HH:mm:ss"),
+ PTBR(new Locale("pt-BR"),"crítico","Alto","Médio","Baixo","Em formação", "EEEE, d 'de' MMMM 'de' yyyy HH:mm:ss"),
+ ESES(new Locale("es-ES"),"Crítico","Altas","Medias","Bajas","Información","EEEE, d 'de' MMMM 'de' yyyy HH:mm:ss"),
+ KOKR(new Locale("ko-KR"),"비판적인","높음","중간","낮음","정보", "yyyy년 M월 d일 EEEE a h:mm:ss"),
+ ZHCN(new Locale("zh-CN"),"危急","高危","中危","低危","信息", "yyyy年M月d日 HH:mm:ss"),
+ ZHTW(new Locale("zh-TW"),"危急","高","中","低","信息", "yyyy年M月d日 a hh:mm:ss"),
+ RURU(new Locale("ru-RU"),"критический","Высокое","Среднее","Низкое","Информация","d MMMM yyyy 'г'. H:mm:ss");
 private final Locale locale;
 private final String High;
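Review bot: The rewritten constants pass five positional `String` labels of the same type, and this commit moves the critical label from fifth to second place in both the constants and the constructor (the -22 hunk below); checking each of the nine rows, the critical label is in slot two every time, but a swapped label compiles silently and only surfaces as a mislabelled severity in a report. Add an order comment above the first constant, `// (locale, critical, high, medium, low, information, datePattern)`, or group the labels in a small value type so the compiler can tell them apart. On the same rewritten lines, `new Locale("en-US")` hands the whole tag to the single-argument constructor, which treats it as a (lowercased) language code instead of parsing language and region; `Locale.forLanguageTag("en-US")` is the parser, and the same applies to the other eight rows. Whether any formatting in this file actually depends on the region part is not visible here.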
@@ -22,12 +22,12 @@ public enum SupportedLanguage {
 private final String Information;
 private final String datePattern;
- private SupportedLanguage(Locale locale, String high, String medium, String low, String critical, String information, String datePattern) {
+ private SupportedLanguage(Locale locale, String critical, String high, String medium, String low, String information, String datePattern) {
 this.locale = locale;
+ this.Critical = critical;
 this.High = high;
 this.Medium = medium;
 this.Low = low;
- this.Critical = critical;
 this.Information = information;
 this.datePattern = datePattern;
 }
@@ -35,6 +35,10 @@ private SupportedLanguage(Locale locale, String high, String medium, String low,
 public Locale getLocale() {
 return locale;
 }
+
+ public String getCritical() {
+ return Critical;
+ }
 public String getHigh() {
 return High;
@@ -47,10 +51,6 @@ public String getMedium() {
 public String getLow() {
 return Low;
 }
-
- public String getCritical() {
- return Critical;
- }
 public String getInformation() {
 return Information;
diff --git a/src/main/java/com/cx/restclient/sast/utils/SASTUtils.java b/src/main/java/com/cx/restclient/sast/utils/SASTUtils.java
index 999c481e..852ac8a9 100644
--- a/src/main/java/com/cx/restclient/sast/utils/SASTUtils.java
+++ b/src/main/java/com/cx/restclient/sast/utils/SASTUtils.java
@@ -49,9 +49,6 @@ public static void printSASTResultsToConsole(CxScanConfig config, SASTResults sa
 String infoNew = sastResults.getNewInfo() > 0 ? " (" + sastResults.getNewInfo() + " new)" : "";
 log.info("----------------------------Checkmarx Scan Results(CxSAST):-------------------------------");
- log.info("High severity results: " + sastResults.getHigh() + highNew);
- log.info("Medium severity results: " + sastResults.getMedium() + mediumNew);
- log.info("Low severity results: " + sastResults.getLow() + lowNew);
 CxVersion cxVersion = config.getCxVersion();
 String sastVersion = cxVersion != null ? cxVersion.getVersion() : null;
 if (sastVersion != null && !sastVersion.isEmpty()) {
@@ -59,11 +56,14 @@ public static void printSASTResultsToConsole(CxScanConfig config, SASTResults sa
 if (versionComponents.length >= 2) {
 String currentVersion = versionComponents[0] + "." + versionComponents[1];
 float currentVersionFloat = Float.parseFloat(currentVersion);
- if (currentVersionFloat == Float.parseFloat("9.7")) {
+ if (currentVersionFloat >= Float.parseFloat("9.7")) {
 log.info("Critical severity results: " + sastResults.getCritical() + criticalNew);
 }
 }
 }
+ log.info("High severity results: " + sastResults.getHigh() + highNew);
+ log.info("Medium severity results: " + sastResults.getMedium() + mediumNew);
+ log.info("Low severity results: " + sastResults.getLow() + lowNew);
 log.info("Information severity results: " + sastResults.getInformation() + infoNew);
 log.info("");
 if (sastResults.getSastScanLink() != null)
diff --git a/src/main/resources/com/cx/report/report.ftl b/src/main/resources/com/cx/report/report.ftl
index 0ed6b03e..af51f515 100644
--- a/src/main/resources/com/cx/report/report.ftl
+++ b/src/main/resources/com/cx/report/report.ftl
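Review bot: `currentVersionFloat >= Float.parseFloat("9.7")` compares the version as a decimal number, so a later minor such as 9.10 parses as 9.1, is treated as older than 9.7, and the critical-severity line is silently dropped from the console summary; the `==` it replaces had the same flaw but only ever matched one version. Compare the components as integers instead: `int major = Integer.parseInt(versionComponents[0]); int minor = Integer.parseInt(versionComponents[1]); if (major > 9 || (major == 9 && minor >= 7)) {`. Either parse throws `NumberFormatException` on a non-numeric component (pre-existing), which would abort the whole summary rather than just the critical line, so a narrow catch that logs and skips it is worth adding. The enclosing method begins before the hunk and `versionComponents` is assigned outside it.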
@@ -739,6 +739,7 @@ padding: 11px; } + .cx-report table.cve-table td.sast-cve-table-critical .cx-report table.cve-table td.sast-cve-table-high, .cx-report table.cve-table td.sast-cve-table-medium, .cx-report table.cve-table td.sast-cve-table-low @@ -1127,6 +1128,85 @@ @@ -1966,7 +1967,9 @@ --> <#if config.isSastEnabled() && config.generateXmlReport &&sast.sastResultsReady> - <#if sast.high gt 0 || sast.medium gt 0 || sast.low gt 0 || sast.critical gt 0> + + <#if sast.critical gt 0 || sast.high gt 0 || sast.medium gt 0 || sast.low gt 0> +
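Review bot: The added selector `.cx-report table.cve-table td.sast-cve-table-critical` has no trailing comma, so it fuses with the next line into one descendant selector (`td.sast-cve-table-critical .cx-report table.cve-table td.sast-cve-table-high`); that combined selector matches nothing, so the critical cell gets no styling and the high cell loses its rule as well. Add the comma: `.cx-report table.cve-table td.sast-cve-table-critical,`. The declaration block these selectors share lies outside the hunk.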
@@ -2184,6 +2187,52 @@
+ + <#if sast.critical gt 0> +
+
+
+ + Critical + + + + + + + + + + + + + + + + + + +
+
Critical
+
${sast.critical}
+
+ + + + + + <#list sast.queryList as query> + <#if (query.severity == sast.languageMap["Critical"]) || (query.severity == "CRITICAL")> + + + + + + +
VulnerabilityIssues Found
${sast.encodeXSS(query.name)}${query.result?size}
+
+ + <#if sast.high gt 0>
@@ -2344,57 +2393,6 @@
- <#if sast.critical gt 0> -
-
-
- Critical - - - - - - - - - - - - - - - - - - -
-
Critical
-
${sast.critical}
-
- - - - - - <#list sast.queryList as query> - <#if query.severity == sast.languageMap["CRITICAL"]> - - - - - - -
VulnerabilityIssues Found
${sast.encodeXSS(query.name)}${query.result?size}
-
-